CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-14448 2026-01-15 MEDIUM 5.4 The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to,…
CVE-2026-23582 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23581 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23580 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23579 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23578 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23577 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23576 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23575 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23574 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-0600 2026-01-14 N/A 0.0 Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network…
CVE-2026-0421 2026-01-14 MEDIUM 6.5 A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in…
CVE-2025-14058 2026-01-14 LOW 3.2 A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device…
CVE-2025-13455 2026-01-14 HIGH 7.8 A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint.
CVE-2025-13454 2026-01-14 MEDIUM 4.7 A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.
CVE-2025-13453 2026-01-14 MEDIUM 6.8 A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive.
CVE-2025-13154 2026-01-14 MEDIUM 5.5 An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated…
CVE-2025-12533 2026-01-14 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-12166 2026-01-14 HIGH 7.5 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the `order` and `append_where_sql` parameters in all versions…
CVE-2026-0861 2026-01-14 HIGH 8.4 Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library version 2.30 to 2.42 may result in…
CVE-2026-0601 2026-01-14 N/A 0.0 A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring…
CVE-2025-14242 2026-01-14 MEDIUM 6.5 A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote,…
CVE-2026-23512 2026-01-14 HIGH 8.6 SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is an Untrusted Search Path vulnerability when the Advanced Options setting is triggered. The application executes notepad.exe…
CVE-2026-23550 2026-01-14 CRITICAL 10.0 Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation. This issue affects Modular DS: from n/a through 2.5.1.
CVE-2026-0962 2026-01-14 MEDIUM 5.3 SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
CVE-2026-0961 2026-01-14 MEDIUM 5.5 BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
CVE-2026-0960 2026-01-14 MEDIUM 4.7 HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service
CVE-2026-0959 2026-01-14 MEDIUM 5.3 IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
CVE-2025-67835 2026-01-14 MEDIUM 6.5 Paessler PRTG Network Monitor before 25.4.114 allows Denial-of-Service (DoS) by an authenticated attacker via the Notification Contacts functionality.
CVE-2025-67834 2026-01-14 MEDIUM 5.4 Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the filter parameter.
CVE-2025-63644 2026-01-14 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field.
CVE-2025-71021 2026-01-14 HIGH 7.5 Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-70747 2026-01-14 HIGH 7.5 Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-65397 2026-01-14 HIGH 8.4 An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute…
CVE-2025-65396 2026-01-14 MEDIUM 6.1 A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader…
CVE-2023-54341 2026-01-13 MEDIUM 6.1 Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not…
CVE-2023-54339 2026-01-13 CRITICAL 9.8 Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands…
CVE-2023-54337 2026-01-13 HIGH 7.5 Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field…
CVE-2023-54335 2026-01-13 CRITICAL 9.8 eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious…
CVE-2023-54334 2026-01-13 CRITICAL 9.8 Explorer32++ 1.3.5.531 contains a buffer overflow vulnerability in Structured Exception Handler (SEH) records that allows attackers to execute arbitrary code. Attackers can exploit the vulnerability by providing a…
CVE-2023-54330 2026-01-13 CRITICAL 9.8 Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can…
CVE-2023-54329 2026-01-13 CRITICAL 9.8 Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol.…
CVE-2023-54328 2026-01-13 CRITICAL 9.8 AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the…
CVE-2022-50939 2026-01-13 HIGH 7.2 e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media…
CVE-2022-50937 2026-01-13 HIGH 7.2 Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and…
CVE-2022-50933 2026-01-13 HIGH 8.4 Cain & Abel 4.9.56 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted binary…
CVE-2022-50932 2026-01-13 HIGH 7.5 Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path.…
CVE-2022-50928 2026-01-13 HIGH 8.4 BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary…
CVE-2022-50925 2026-01-13 CRITICAL 9.8 Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious…
CVE-2022-50921 2026-01-13 HIGH 8.4 WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path…